WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-27616

7.1HIGH

Key Information:

Vendor: WordPress
Status: Rsvpmaker
Vendor: CVE Published:; 27 September 2023

Summary

The RSVPMaker Plugin, developed by David F. Carr, is susceptible to a stored XSS vulnerability in versions up to 10.6.6. This vulnerability allows attackers to inject malicious scripts into the web pages served to users, potentially compromising sensitive user data and manipulating user sessions. If exploited, the attacker could gain unauthorized access to user accounts or deliver harmful payloads to site visitors, posing significant risks to the site’s integrity and the security of its users.

Affected Version(s)

RSVPMaker <= 10.6.6

References

https://patchstack.com/database/vulnerability/rsvpmaker/w...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Mar 5, 2023

Credit

Muhammad Arsalan Diponegoro - tripoloski (Patchstack Alliance)